Re: [dmarc-ietf] Guidance around constructing an AAR when multiple AR headers are present?

"John Levine" <johnl@taugh.com> Sun, 28 May 2017 15:27 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 653DB1273E2 for <dmarc@ietfa.amsl.com>; Sun, 28 May 2017 08:27:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HV3cDrAo0XLY for <dmarc@ietfa.amsl.com>; Sun, 28 May 2017 08:27:37 -0700 (PDT)
Received: from miucha.iecc.com (w6.iecc.com [IPv6:2001:470:1f07:1126::4945:4343]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D7D9127241 for <dmarc@ietf.org>; Sun, 28 May 2017 08:27:36 -0700 (PDT)
Received: (qmail 82983 invoked by uid 100); 28 May 2017 15:27:36 -0000
Delivered-To: reroute list-iecc-lists-ietf-dmarc@johnlevine.com
Date: Sun, 28 May 2017 15:27:35 +0000
Message-ID: <ogeq97$2u0k$1@gal.iecc.com>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Organization: Taughannock Networks, Trumansburg NY
References: <43d13efe-c0c4-62a6-490c-4e92eb265d65@gmail.com><alpine.OSX.2.21.1705242026410.29429@ary.qy> <43d13efe-c0c4-62a6-490c-4e92eb265d65@gmail.com> <8F87F9DE-C87E-406E-BA49-6AEA5DC17283@kitterman.com>
Cleverness: some
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: johnl@aryv.qy (John L)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/PADNqIaPX_WGdoAsrINeh-y-Bz8>
Subject: Re: [dmarc-ietf] Guidance around constructing an AAR when multiple AR headers are present?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 May 2017 15:27:38 -0000

In article <8F87F9DE-C87E-406E-BA49-6AEA5DC17283@kitterman.com>,
>Nothing other than potentially ARC requires multiple AR header fields for different authentication types to be combined.  These different
>verification operations (e.g. SPF, DKIM, and DMARC) are generally performed be different processes that add their own AR field.

Since DMARC needs the results of SPF and DKIM, how does that work?
Does DMARC look at the A-R that the other two created or is there a
side channel?  It occurs to me that a DMARC process has everything
needed to make a header that combines all three.

>It probably makes sense to stick the sender with the complexity of dealing with multiple AR fields and combining then, but let's not pretend there's an overall simplification here.

In ARC, definitely.  My setup already does a combined header, since I
wrote one plugin that calls all three libraries.  On my setup
(mailfront) it was a lot easier than doing it separately.


R's,
John